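The Trojan modifies the "%System%\drivers\etc\hosts" file, which the operating system uses to map host names to IP addresses; entries in this file are consulted before DNS, so a changed entry overrides normal name resolution on the affected machine.
The modified file is 1206 bytes in size. The strings added to the hosts file are listed below. (In this excerpt the added entries themselves do not appear; the lines that follow are HTTP GET requests.)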

GET /pv.gif?uigs_productid=web&uigs_t=1404660989708240&uigs_cookie=SUID=26266BB86914920A0000000053B9B257&uigs_uuid=1404660989708379&scrnwi=1024&scrnhi=768&uigs_pbtag=A&abtestid=0&query=%C2%BE%C2%A2%C3%8E%C3%A8%C3%90%C2%A6%C3%90%C2%A6&rn=25687&stype=2&htn=1&qcn=0&hbn=0&uuid=6be69b4a-b962-42eb-8324-0d6d8e367010&vr=null_0-null_1-null_2-30000909_3-30000909_4-null_5-null_6-null_7-null_8-null_9&exp_id=null_0-null_1-null_2-null_3-null_4-null_5-null_6-null_7-null_8-null_9&exp_id_list=0_0&exp_status=0&vrdetail=null_0-null_1-null_2-30000909_3-30000909_4-null_5-null_6-null_7-null_8-null_9&sm=d0_0-d0_1-d0_2-d0_3-d0_4-d0_5-d0_6-d0_7-d0_8-d0_9&msrc=sm&loc=CA&adn=0&adltbn=null&adltan=0&radn=0&qflag=0&qtype=0&warnLevel=127&leadtest=-1&eg=1&cost=116&bl=-1_127_0_0&pid=sogou-wsse-142c65e00f4f7cf2&qjf=sogou-wsse-142c65e00f4f7cf2&servuri=%2Fwebsearch%2Fsoso.jsp&rw=&idc=cnc&pn=10&jhhint=0&jhshuxing=0&intcat=web&inttab=61-0_40-1_28-2_41-3_39-4_43-5_9-6_29-7_30-8_45-9_62-10_&jhly=top&jhlysite=all-0_sohu.com-1_focus.cn-2_docin.com-3_&legalad=1&googlead=0&uigs_version=v1.1&uigs_refer=http://VVV.soso.com/ HTTP/1.1

GET /pv.gif?uigs_productid=webapp&type=tmon&uuid=6be69b4a-b962-42eb-8324-0d6d8e367010&loc=CA&abtestid=0&query=%C2%BE%C2%A2%C3%8E%C3%A8%C3%90%C2%A6%C3%90%C2%A6&eg=1&cost=116&idc=cnc&vr=null_0-null_1-null_2-30000909_3-30000909_4-null_5-null_6-null_7-null_8-null_9&h_s=1404660985943&h_e=1404660986568&b_e=1404660988755&a_e=1404660990302&w_l=1404660990333 HTTP/1.1